Microsoft API to login

some suggestions for Gibbon of open API one of the schools I am supporting in China has been testing Microsoft API to login to Gibbon recently.

They found that, when they use Microsoft API to login, it only recognized my primary email address, which means Gibbon may not recognized the user’s alternative email when using open API.

They suggest Gibbon developer could allow users to choose the primary email address so that the Microsoft API could regonized the email correctly, or they could allow that recongized the alternative email address.

Hi Brian,

For security purposes, only the primary email address is used, as this is the only one that can be guaranteed to be unique as well as present in the system. For most schools, this is also the organization-level email address, whereas the alternate email could be random personal email addresses, which will not work with the SSO setup for an organization. For example, Google restricts SSO login to only emails in the same domain, and I suspect the Microsoft one does as well.

Hope this helps.